Firefox is on a slippery slope

For a long time, it was just setting the default search provider to Google in exchange for a beefy stipend. Later, paid links in your new tab page were added. Then, a proprietary service, Pocket, was bundled into the browser – not as an addon, but a hardcoded feature. In the past few days, we’ve discovered an advertisement in the form of browser extension was sideloaded into user browsers. Whoever is leading these decisions at Mozilla needs to be stopped.

Mozilla garnered a lot of fully deserved goodwill with the most recent Firefox release, and here they are, jeopardising all that hard work. People expect this kind of nonsense from Google, Apple, or Microsoft – not Mozilla. Is it unfair to judge Mozilla much more harshly than those others? Perhaps, but that’s a consequence of appealing to more demanding users when it comes to privacy and open source.

About The Author

56 Comments

I dont think this is the reason at all. Google dont try to put themselves as privacy first, Apple dont try to say they care about the Open Web or as such, Microsoft and Amazon the same.

The problem here is they dont have a Marketing and Sales pitch and then does something different. Mozilla has been playing the good guys card and yet we have this. Time and Time again we let them off with Advert on new Tab page and pocket, and now this just crossed the line.

I mean, they need a revenue stream. That’s a reality that doesn’t seem to come up enough in these conversations.

That doesn’t make what they did not in contrast to their own mission statement, but I’d like to see some acknowledgment of that basic fact. Capitalism is all about profit – how does a well meaning non-profit compete in that kind of environment without a revenue stream?

BTW, everyone is always on a slippery slope. As Linus Torvolds says, security is always a matter of trust. Someone at Mozilla made a few (really, slightly) untrustworthy decisions. It could have been far worse.

As a long-time Mozilla / Firefox user, I appreciate what Mozilla stands for and everything they do to promote it. In fact, that’s why I’ve stuck with them through thick and thin. But like the author of the article, I have not always been comfortable with where they’ve drawn the line with commercial partnerships.

I am not going to abandon ship over this incident, but it does cross a serious line, and I will be keeping my eyes open. I am also not sure why management thinks this was OK, which might be the most worrying aspect of the whole thing.

Like the author says, “Whoever is leading these decisions at Mozilla needs to be stopped”.

Seems like the two best things Firefox had going for it was its customization options with extensions, and it claimed to be the browser that cared about privacy. Now, with FF57, it’s basically a Chrome clone, and I really don’t think they can be trusted anymore either.

Do we know if anyone from Google found their way to Mozilla management?

Could be another “Stephen Elop at Nokia” situation.

Nah, mozilla is doing this because it needs money, it’s that simple. For better or worse, advertisers (including google) make up most of mozilla’s revenue stream. Mozilla has millions of users, however they’re not valuable to advertisers unless mozilla can direct traffic to them, which is why they’ve been resetting user preferences and adding new ways to capture users’ attention in the browser.

I don’t like that they are messing with FF like this, but I can see why they are stuck between a rock and a hard place. I had a discussion about this recently with Morgan, and he was bothered that mozilla wasn’t being more upfront about it’s motivations for doing these things.

What does everyone here think? If mozilla came out and said “we can ditch the advertisers, but it means users would have to pay a recurring donation of $x.xx”, then how many users would actually do it? Does the donation business model work without major cutbacks?

I wish they’d just give us the option to pay real money to completely turn off the bullshit. I’m sure most wouldn’t pay, but some of us would. Maybe like $20 a year to run it on all my devices.

Yeah, I hear you. I suspect it would have to be on the honor system because many would install the “get out of my way” edition of FF and I’m not sure whether mozilla can sidestep the requirements of the MPL, which is an open source license allowing public redistribution.

There’s a quite significant difference between ‘public redistribution’ and not having to pay for certain behavior. Note that I’m not saying that the MPL permits the second case either (not that it would be enforceable anyway unless they required some kind of external verification that wasn’t open source, since they have to provide the source code publicly), but the bit you’re referring to does not preclude something like this (the original Doom game engine was publicly redistributable because of the way the demos were licensed, but you had to get a copy of the game files (by paying money in most cases) to play the full game).

They could probably use the online account (same as the one that syncs profiles) as the verification. Of course, I’m sure such things would be trivial to work around in unofficial distributions like Waterfox, but I’m one who doesn’t mind paying to support good software, esp. to avoid the kind of bullshit we’re seeing now. I understand that developers need to eat, and the world, as it currently is, does not run on free.

Nah, mozilla is doing this because it needs money, it’s that simple. For better or worse, advertisers (including google) make up most of mozilla’s revenue stream. Mozilla has millions of users, however they’re not valuable to advertisers unless mozilla can direct traffic to them, which is why they’ve been resetting user preferences and adding new ways to capture users’ attention in the browser.

I don’t like that they are messing with FF like this, but I can see why they are stuck between a rock and a hard place. I had a discussion about this recently with Morgan, and he was bothered that mozilla wasn’t being more upfront about it’s motivations for doing these things.

What does everyone here think? If mozilla came out and said “we can ditch the advertisers, but it means users would have to pay a recurring donation of $x.xx”, then how many users would actually do it? Does the donation business model work without major cutbacks?

The worst part: Apparently, they weren’t paid for this; it was solely a PR cooperation thing.

It just gets worse and worse. I was so happy to see the performance come back into parity with Chrome, then they pull out another two user-hostile moves in less than two weeks. First it was silently changing the user’s custom search settings to Google (oh but that had nothing to do with their new Google partnership, sure). Then they go and pull this bullshit.

You know, I almost dropped them over even considering Directory Tiles, then again when they integrated Pocket into the code itself instead of keeping it as a plugin the user could disable.

Now, I think I am done for good. I’m looking for a cross platform browser with bookmark sync that isn’t based on Firefox or Chrome, or barring that, a way to sync bookmarks that works reliably in Edge and Midori.

Nope. Besides being Firefox-based and therefore ultimately subject to Mozilla’s upstream decisions, there are a few things about it that bug me.

Waterfox is partners with Ecosia, a search engine that plants trees with its generated revenues. [/q]

While this is a noble cause, it’s still running my searches through a search engine that generates revenue based on mining my search data, tying it to my identity, and logging visited links. I’m opposed to that on principle[1].

[q]Webpage and technical data to Googleâ€™s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google’s SafeBrowsing Service, including the filename and the URL it was downloaded from. Learn more or read Googleâ€™s Privacy Policy. Opting out prevents Firefox from warning you of potentially illegitimate or malicious websites or downloaded files.

First, they should consider replacing “Firefox” with “Waterfox” to avoid confusion. Second, this clause in their privacy policy shows they are still sending every single file you download through Google’s wringer, and they make it sound ominous and scary if you opt out. Google is no longer allowed anywhere near my devices and my life.

So really, it’s Firefox with a different pelt. No thanks.

[1] So how do I search at all, you may ask? I use Startpage.com, which generates revenue by completely divorcing your current search from any identifying information such as IP address and browser fingerprint, and uses those keywords alone to generate ad links. If you don’t click the ad links, the advertisers don’t know you exist. They don’t store past searches and they don’t tie the active search to your identity.

There will always be blood, but focusing on search engine while you can safely turn to duckduck as a personal choice, which is a no brainer. I was mostly referring to this feature list of missing quirks :

Totally with you. I dumped Firefox 3 year ago when it became clear they was screwing it and their users over to become another Chrome clone! I moved to Pale Moon and have been completely happy with it, also started using Vivaldi on occasion but I still prefer Pale Moon.

Everybody likes free software; everybody likes to be paid for the job he does.

Mozilla is not an open source project carried on by volunteers in their free time, it’s a foundation with paid employees and developers. For years they have made public their need for money to pay bills and salaries, that is why they also abandoned some projects (see Thunderbird) to concentrate only on Firefox. And to carry on a project like a modern web browser they need full time paid employees, it’s unthinkable to develop such a projects using only volunteers in their free time.

If you want to contribute it’s fairly easy, just open mozilla.org and in the top banner you will find what you are looking for. Or, if you are a developer, help writing code or testing in your free time, for free.

Mozilla is not an open source project carried on by volunteers in their free time, it’s a foundation with paid employees and developers. For years they have made public their need for money to pay bills and salaries, that is why they also abandoned some projects (see Thunderbird) to concentrate only on Firefox. And to carry on a project like a modern web browser they need full time paid employees, it’s unthinkable to develop such a projects using only volunteers in their free time. [/q]

“Unthinkable” is much too strong, but you are right even non-profits have employee salaries and bills to pay.

The problem for me is that I’m becoming less happy with their direction and their dismissal of user concerns over the years. It used to be the goto browser for developers everywhere, but I’m getting more annoyed by their opaque operations and bad policies. Like last year, when they decided to block addon sideloading and required developers to submit their own extensions to mozilla even when developers only want to install them on their own computers. Mozilla no longer allows me to take an open source extension and modify it for use on my computer, frankly this is bullshit. It’s one of several things they’ve done to make me less inclined to support them.

You don’t have to publish your extension on AMO. However, even if you are not intending to publish your extension on AMO, you do have to submit it to AMO so it can be reviewed and signed. Release versions of Firefox will refuse to install extensions that are not signed by AMO.

Also, while they’re entitled to depreciate whatever they want in a particular release, they go further than that and use crypto to actively block developers from downgrading. I’ve come to expect this level of manipulation by large corporations, but for a non-profit it leaves a sour taste in my mouth.

[q]Note that once you have uploaded your extension to AMO, you can’t then update the extension to use the Add-on SDK or legacy XUL/XPCOM techniques. If you do switch to one of these platforms, you must submit it as a completely new extension.

That is: porting from legacy extension systems to use WebExtension APIs is a one-way street.

At least there’s a firefox fork called waterfox that addresses many of these concerns:

Developer Edition (formerly Aurora channel), unbranded builds, and ESR channel have an about:config key which lets you turn off signing enforcement, so I’ve made sure to stay on one of them (with it off) at all times as a matter of principle.

It’s only the branded Stable and Beta channel builds which force it on.

When that failed (after millions of wasted donations) they abandoned Thunderbird.

You are right, I forgot the doomed firefox-OS. But they were not alone in trying to build a new phone OS. Most of those efforts were doomed from the start, but it *might* have made sense back then. Now there is a firefox app both on iOS and Android, but how many use it ? (I don’t).

Mozilla is left with only a “loyal” user base in the pc world which is getting thinner year after year. Funding will be a fight for survival in the next years otherwise it will be chrome-edge-safari, all proprietary.

Mozilla might not be the sinless angel, but for sure it is the lesser evil.

I wouldn’t quite say they abandoned Thunderbird. Their argument that it’s functionally completed software (other than bug fixes and simple maintenance) is technically true for the time being, given that it is an e-mail client, and it does everything an e-mail client needs to do, in many cases more correctly or sanely than many competitors.

Personally, I’m glad they quit trying to add new features, as those new features ended up being a pain in the arse on a rather frequent basis (like the whole handling of the Reply-To headers and mailing lists recently).

I wouldn’t quite say they abandoned Thunderbird. Their argument that it’s functionally completed software (other than bug fixes and simple maintenance) is technically true for the time being, given that it is an e-mail client, and it does everything an e-mail client needs to do, in many cases more correctly or sanely than many competitors. [/q]

In order to manage these two perspectives, we are proposing to adapt the Thunderbird release and governance model in a way that allows both ongoing security and stability maintenance as well as community driven innovations for the product. We are opening this plan for discussion to individuals and organizations interested in maintaining and advancing Thunderbird in the future. We are looking for your feedback, comments and suggestions to refine and adapt the plan in the best possible way.

However in 2015 the situation become a bit more dire for thunderbird when they pulled the remaining resources off the project with the intention of offloading it entirely. Again in their words:

[q]1. Firefox and Thunderbird have lived with competing demands for some

time now. Today Thunderbird developers spend much of their time

responding to changes made in core Mozilla systems and technologies. At

the same time, build, Firefox, and platform engineers continue to pay a

tax to support Thunderbird.

2. These competing demands are not good for either project. Engineers

working on Thunderbird must focus on keeping up and adapting Firefoxâ€™s

web-driven changes. Engineers working on Firefox and related projects

end up considering the competing demands of Thunderbird, and/or

wondering if and how much they should assist Thunderbird. Neither

project can focus wholeheartedly on what is best for it.

3. These competing demands will not get better soon. Instead, they are

very likely to get worse. Firefox and related projects are now speeding

up the rate of change, modernizing our development process and our

infrastructure. Indeed, this is required for Mozilla to have significant

impact in the current computing environment.

4. There is a belief among some that living with these competing demands

is good for the Mozilla project as a whole, because it gives us an

additional focus, assists Thunderbird as a dedicated open source

community, and also supports an open source standards based email

client. This sentiment is appealing, and I share it to some extent.

There is also a sense that caring for fellow open source developers is

good, which I also share. However, point 2 above â€” â€œNeither project can

focus wholeheartedly on what is best for itâ€ — is the most important

point. Having Thunderbird has an additional product and focus is *not*

good overall if it causes all of our products â€” Firefox, other

web-driven products and Thunderbird â€” to fall short of what we can

accomplish.

5. Many inside of Mozilla, including an overwhelming majority of our

leadership, feel the need to be laser-focused on activities like Firefox

that can have an industry-wide impact. With all due respect to

Thunderbird and the Thunderbird community, we have been clear for years

that we do not view Thunderbird as having this sort of potential.

6. Given this, itâ€™s clear to me that sooner or later paying a tax to

support Thunderbird will not make sense as a policy for Mozilla…

I do wish they had released an android client before terminating the project. I still use thunderbird as my primary email & calendar software, but there are several longstanding bugs that have remained open and nobody’s fixing them. I’m affected by an SSL bug and a webdav password manager bug, but the bugtracker just recommends server side workarounds as nobody’s fixing the client.

Open source software is often trumpeted as living forever because anyone can fork the code and continue development. But it makes me wonder: as years turn into decades, how many (popular) open source packages are going to fall due to developer abandonment.

[q]We have added a variety of features; such as ACL support and Public Folder access to Exchange Web Services in Exchange 2007 SP1 to replace Exchange WebDAV functionality and are continuing to invest in additional functionality in the next release of Exchange.

I guess it shouldn’t be a big surprise, microsoft has a history of breaking interoperability standards.

I guess it shouldn’t be a big surprise, microsoft has a history of breaking interoperability standards.

Yep, even with their own software. Ever seen what happens when you try to connect Office 2003 to an Exchange 2010 server? Not pretty, and this was back in the day when people still ran Office 2003 for a variety of reasons.

Songbird and Sunbird were two other really nice mozilla gecko projects. I really liked songbird for my music and sunbird had some nice features that windows calendar and apple calendar did not have at the time.

For guy who uses a iPad Pro 12.9, Apple Watch, iPhone X, you need to take several seats.

Quite a few people – including myself – can be empathetic to other people’s concerns, understand them, voice them, and argue on their behalf, even if we don’t necessarily agree with them, either fully or partially.

So, even if I don’t personally use Firefox, I can understand why many Firefox users are concerned, and how Mozilla’s recent decisions simply do not align with the wishes of the generally more demanding Firefox users.

The fact that I, among others, also use Apple products has no bearing on this argument. But hey, if you need to tell yourself this to solve your cognitive dissonance caused by Mozilla’s behavior – be my guest.

I have been using the same web browser, in terms of codebase, ideology and heritage, for over 25 years; ever since NCSA Mosaic. I have been with the same product through its Netscape years and strayed to Opera for a bit only during that brief period between Netscape 6 and the early Firebird years (before it became Firefox).

I have had to â€œjump shipâ€ from being a Firefox purist to using Waterfox some time ago. And I havenâ€™t looked back.

Itâ€™s a crying shame that Firefox is taking this direction, actually, because I would love to trust them but I just cannot.

Want to turn off Google’s menagerie in Chrome? You can’t. Sorry. But firefox sucks, because it doesn’t spy as well as Chrome does? It doesn’t leak DNS like Chrome does. etc.etc…

Look… what I’m saying is just because you drank the Google Kool-Aid, you need to watch what you say about other browsers that do a lot more to protect you. Especially when you’re accusing them of not protecting you.

As for the rest of the “problems”, they are all shared by all the major browsers at this point. Just don’t say Firefox sucks, I can pretty much prove you’re wrong unless you’re using some browser with .00001% of the marketshare (and even then, it’s just because I haven’t looked at it).

I wonder how much the Firefox wage and overheads bill is Vs the Wikipedia one.

Of course the latter will be less expensive head count and more server and bandwidth cost skewed but do we think the overall could be in the same ballpark.

As Wiki seem to make do (just) with their annual donation drive. Maybe Firefox could do something similar

?

Another idea is that I think mozilla could be in a favorable position to implement a viable microtransaction model in the browser that could work not only for themselves but for websites around the web. These would be tiny low overhead payments that the credit card companies have mostly failed to cater to.

This could be a browser plugin that the user explicitly sends donations through, or in an alternate form the user might have an account where the user can set a low spending cap ($1-5 a month) and participating websites could collect a share based on how much the user used them.

Whether or not users would trust mozilla’s management would be a different question, but it’s just an idea.

Interesting. I’ve used the browser before but wasn’t aware of this feature. That page overemphasizes “youtube”, which doesn’t interest me much, and I couldn’t tell whether the feature worked with other websites until I registered. It sounds neat but their website leaves me with more questions than answers. How am I supposed to know if a website is participating? Is this an open standard, or something proprietary? How do I pay for tokens and who manages it? What’s the status? Is it being used today? It refers to “basicattentiontokens” and the ethereum block chain, but the relationship to the brave browser is not spelled out clearly. Is the brave browser using P2P?

Do you know of a better website with (alot) more details? The project seems like it could have merit, but they need to provide more information for people to become interested. Also part of the reason I said mozilla was in a good position to do micropayments is because the FF webbrowser still has a large userbase. Do you have any idea about brave’s marketshare? The truth is it’ll be a lot harder to gain traction with an unknown browser.

Interesting. I’ve used the browser before but wasn’t aware of this feature. That page overemphasizes “youtube”, which doesn’t interest me much, and I couldn’t tell whether the feature worked with other websites until I registered. It sounds neat but their website leaves me with more questions than answers. How am I supposed to know if a website is participating? Is this an open standard, or something proprietary? How do I pay for tokens and who manages it? What’s the status? Is it being used today? It refers to “basicattentiontokens” and the ethereum block chain, but the relationship to the brave browser is not spelled out clearly. Is the brave browser using P2P?

Do you know of a better website with (alot) more details? The project seems like it could have merit, but they need to provide more information for people to become interested. Also part of the reason I said mozilla was in a good position to do micropayments is because the FF webbrowser still has a large userbase. Do you have any idea about brave’s marketshare? The truth is it’ll be a lot harder to gain traction with an unknown browser.

Thanks for mentioning it, I’ll try to learn more about how it works!

Daniel over at ctrl.blog has written a couple of articles about Brave (and flattr, which provides a similar service as a browser extension): https://www.ctrl.blog/?s=Brave

I acutally had a ZTE open C device that I kept an updated version of Firefox OS on for awhile… it was acutally quite pleasant to use and supprisingly functional. It was really about 3-5 years too soon for it though as WebAssembly and all the changes going into FireFox right now would have helped alot.